Vault as a payment method provides store customers with ability to use the previously saved credit card information for checkout. This information is stored safely on the side of trusted payments gateways (Braintree, PayPal). Not storing the sensitive credit card information is one of the PCI compliance requirements.
The Magento Vault is implemented using the Magento payment gateway. It is used in the out-of-the-box vault implementation for the Braintree payment method. Third party developers can use it to add vault to their custom payment provider integration.
The following diagram shows a simplified interaction flow between Magento sales management, vault, payment integration and external payment service provider.
The flow is similar to usual Magento payment gateway interaction flow.
The main difference is that when vault is used, it defines what command is required and when it must be called.
Adding vault: general steps
Magento vault implementation provides that vault is available as a separate payment method during order creation (storefront or admin). But technically it is tightly related to the corresponding payment provider integration. You do not need to create a new module for vault implementation. All required configuration and entities are added to the module of the payment provider integration.
The topics of this chapter describe how to add the vault functionality to a payment method (the payment method must be implemented using Magento payment gateway):
- Add vault to module dependencies.
- Configure vault general parameters.
- Add vault and payment methods entities using dependency injection configuration.
- Implement the ability for customers to choose whether to use vault.
- Storing and processing the payment related data.
- Adding and using UI_Vault component to place orders on the storefront.
- Display stored tokens for customer and process their deleting.
- Using stored tokens to place an order from Admin panel.